CVE-2018-6054 – chromium-browser: use after free in webui
https://notcve.org/view.php?id=CVE-2018-6054
Use after free in WebUI in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. Uso de memoria previamente liberada en WebUI en Google Chrome en versiones anteriores a la 64.0.3282.119 permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante una extensión de Chrome manipulada. • http://www.securityfocus.com/bid/102797 http://www.securitytracker.com/id/1040282 https://access.redhat.com/errata/RHSA-2018:0265 https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html https://crbug.com/797511 https://www.debian.org/security/2018/dsa-4103 https://access.redhat.com/security/cve/CVE-2018-6054 https://bugzilla.redhat.com/show_bug.cgi?id=1538526 • CWE-416: Use After Free •
CVE-2018-6040 – chromium-browser: content security policy bypass
https://notcve.org/view.php?id=CVE-2018-6040
Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially bypass content security policy via a crafted HTML page. Aplicación de políticas insuficiente en Blink en Google Chrome en versiones anteriores a la 64.0.3282.119 permitía que un atacante remoto omitiese las políticas de seguridad del contenido mediante una página HTML manipulada. • http://www.securityfocus.com/bid/102797 http://www.securitytracker.com/id/1040282 https://access.redhat.com/errata/RHSA-2018:0265 https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html https://crbug.com/778658 https://www.debian.org/security/2018/dsa-4103 https://access.redhat.com/security/cve/CVE-2018-6040 https://bugzilla.redhat.com/show_bug.cgi?id=1538512 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2018-6046 – chromium-browser: insufficient isolation of devtools from extensions
https://notcve.org/view.php?id=CVE-2018-6046
Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension. Validación de datos insuficiente en DevTools en Google Chrome en versiones anteriores a la 64.0.3282.119 permitía que un atacante remoto filtrase datos cross-origin de un usuario mediante una extensión de Chrome manipulada. • http://www.securityfocus.com/bid/102797 http://www.securitytracker.com/id/1040282 https://access.redhat.com/errata/RHSA-2018:0265 https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html https://crbug.com/798163 https://www.debian.org/security/2018/dsa-4103 https://access.redhat.com/security/cve/CVE-2018-6046 https://bugzilla.redhat.com/show_bug.cgi?id=1538517 • CWE-20: Improper Input Validation •
CVE-2018-6032 – chromium-browser: same origin bypass in shared worker
https://notcve.org/view.php?id=CVE-2018-6032
Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted HTML page. Aplicación de políticas insuficiente en Blink en Google Chrome en versiones anteriores a la 64.0.3282.119 permitía que un atacante remoto filtrase los datos cross-origin del usuario mediante una página HTML manipulada. • http://www.securityfocus.com/bid/102797 http://www.securitytracker.com/id/1040282 https://access.redhat.com/errata/RHSA-2018:0265 https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html https://crbug.com/787103 https://www.debian.org/security/2018/dsa-4103 https://access.redhat.com/security/cve/CVE-2018-6032 https://bugzilla.redhat.com/show_bug.cgi?id=1538504 • CWE-20: Improper Input Validation •
CVE-2018-6047 – chromium-browser: cross origin url leak in webgl
https://notcve.org/view.php?id=CVE-2018-6047
Insufficient policy enforcement in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user redirect URL via a crafted HTML page. Aplicación de políticas insuficiente en WebGL en Google Chrome en versiones anteriores a la 64.0.3282.119 permitía que un atacante remoto filtrase URL de redirección del usuario mediante una página HTML manipulada. • http://www.securityfocus.com/bid/102797 http://www.securitytracker.com/id/1040282 https://access.redhat.com/errata/RHSA-2018:0265 https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html https://crbug.com/799847 https://www.debian.org/security/2018/dsa-4103 https://access.redhat.com/security/cve/CVE-2018-6047 https://bugzilla.redhat.com/show_bug.cgi?id=1538518 • CWE-20: Improper Input Validation •